Welcome to the NI@root Blog

This blog will contain pretty much anything NI@root feels is worth publishing. This will include, but not be limited to; Stuffz

Moved to Amazon Cloud

After Hostmonster suspended all of my sites after I missed on email from them about being over their MYSQL quota, I decided I will no longer allow my interests to be hijacked by MYSQL fascists so I decided to move to the cloud. There is some database weirdness after the migration and some strange characters

Read More

Operation Oracle Reports Anti-Databreach

I think there has been enough media attention to Oracle Reports data exposures and hopefully there are less exposures than there were a couple of months ago. I have decided to automate the testing of Oracle Reports servers in the US for possible data exposures as well as servers that are vulnerable to exploits that

Read More

Massive Oracle Reports Data Exposures

Before coming to Phoenix for a pentest contract I had done research and discovered around 30 sensitive data exposures on systems that were managed by state government, county school systems, medical establishments, dental, higher education and more. I had contacted the Philadelphia FBI office and at first they seemed interested in helping me but then

Read More

Shellshock – CVE-2014-6271 – Exploits in the Wild

*note* This page is being updated as new information comes in. For those who run web applications that could be an attack vector for the BashBug, a.k.a Shellshock, you may want to take this VERY seriously. There are already 4 Metasploit modules in the works. Pull #3880†modules/auxiliary/admin/http/bash_env.rb†<- conformed by NI@root Pull #3882†osx vmware/bash priv escalation

Read More